OAuth2 – Ready or not (here I come) presented at TROOPERS 2013

by Dominick Baier

Summary: After a 3-year-long struggle, the IETF finally released the OAuth2 specifications (RFC 6749 & 6750). While all the big players (like Google, Microsoft and Facebook) are already using it, more and more people want to follow. But there is big confusion about what OAuth2 really is, what its use cases are and which problems it can actually solve. At the same time, the security experts out there don't really agree on whether OAuth2 is a complete failure or not, or something in between. Dominick walks you through OAuth2, its use cases, dark corners and pitfalls.